From owner-freebsd-pf@FreeBSD.ORG Wed Dec 20 16:23:40 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 45F3F16A4D4 for ; Wed, 20 Dec 2006 16:23:40 +0000 (UTC) (envelope-from jordan@ostreff.info) Received: from mail.classic-bg.net (87-126-29-101.btc-net.bg [87.126.29.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1575743D31 for ; Wed, 20 Dec 2006 16:23:10 +0000 (GMT) (envelope-from jordan@ostreff.info) Received: (qmail 27656 invoked by uid 1002); 20 Dec 2006 15:56:04 -0000 Received: from 212.5.128.74 by classic.classic-bg.net (envelope-from , uid 89) with qmail-scanner-1.25 (f-prot: 4.6.7/3.16.15. spamassassin: 3.1.7. Clear:RC:1(212.5.128.74):. Processed in 0.31518 secs); 20 Dec 2006 15:56:04 -0000 X-Qmail-Scanner-Mail-From: jordan@ostreff.info via classic.classic-bg.net X-Qmail-Scanner: 1.25 (Clear:RC:1(212.5.128.74):. Processed in 0.31518 secs) Received: from unknown (HELO ?212.5.128.74?) (jordan@ostreff.info@212.5.128.74) by 192.168.1.2 with ESMTPA; 20 Dec 2006 15:56:03 -0000 Message-ID: <45895D09.9000202@ostreff.info> Date: Wed, 20 Dec 2006 17:55:53 +0200 From: Jordan Ostreff User-Agent: Mozilla Thunderbird 1.5.0.9 (Windows/20061207) MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit Subject: PF problems with freebsd versions 6.0/6.1 and now with 6.2-PRERELEASE X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 16:23:40 -0000 Dear Sirs, I'm writing this email because I believe that you really try to make FreeBSD - best free and open source operating system in the world. My problem today was with very simple installation with web server (apache-2.2.3/mysql-5.0/php4.4.2) and GENERIC kernel on machine amd64. I have enabled pf and pflog via rc.conf so on boot machine loads kernel modules. I have installed port named http_load on another machine in the same lan segment. When I have started http_load -parallel 1000 -seconds 600 some_url_on_machine_with_pf I see that machine with PF quickly goes inaccessible and I see on his console that system is totally freeze. I have problems with similar configuration in following cases: a) GENERIC kernel amd 64 SMP 6.1-RELEASE and 6.2-PRERELEASE b) pf build into kernel on i386 SMP and non-SMP, 6.0-R-p16 and 6.1-RELEASE c) pf without ALTQ into kernel on i386 SMP and non-SMP 6.0-RELEASE-p16 Today I have switched firewalls on all those systems to IPFW and it works! Please if you are interested in this case I can provide more specific information and also configuration files! Regards Jordan